With the focused efforts and modernization of our health care system over the last decade and the ever growing use of electronic health protected information, the need to ensure the protection of health information has become vastly more important. The complexity to ensure compliance with the rules and regulations included in the Health Insurance Portability and Protection Act (HIPAA) and the Heath Information Technology for Economic and Clinical Health Act (HITECH) have also increased substantially.

These acts have required healthcare providers to take new steps to ensure compliance with governmental privacy, security and breach notification rules as well as be subject to audits by The Office of Civil Rights (OCR) of the US Department of Health & Human Services (HHS). In 2011, the OCR initiated their Phase 1 pilot audit program of 115 healthcare covered entities with the intent of assessing their compliance controls and processes. As of March of this year, the OCR initiated Phase 2 of their audit program based upon the results of the Phase 1 audit and are now increasing efforts to assess compliance with HIPAA Privacy, Security and Breach Notification Rules.

I3 can help your business by helping assess your vendor relationships with the intent of identifying Business Associates and then implementing with them compliant Business Associate Agreements. As a long term strategy, i3 can help your organization prepare for the Phase 2 audit by implementing a lasting, organizational vendor management program to ensure lasting compliance into the future.


Information on HHS OCR Audit Program: